Justice News

Cyber criminal sentenced for hacking universities

ATLANTA – Olayinka Olaniyi, a citizen of Nigeria, was sentenced on charges of conspiracy to commit wire fraud, computer fraud and aggravated identity theft. Olaniyi was convicted by a federal jury on August 9, 2018, after a three-day trial. Co-defendant, Damilola Solomon Ibiwoye, pleaded guilty to similar charges and was sentenced on January 31, 2018.

“These defendants’ attempted theft of millions of dollars by tricking unsuspecting victims into providing personal information, subsequently leading to the infiltration of other computer systems,” said U.S. Attorney Byung J. “BJay” Pak. “While cybercrime has no borders, those who operate under the cloak of anonymity that the Internet provides will not be shielded from extradition and prosecution.”

“This sentence is the direct result of the hard work of FBI investigators and federal prosecutors working with their international partners, proving once again that cybercriminals cannot hide behind geographic borders anymore,” said Chris Hacker, Special Agent in Charge of FBI Atlanta. “We are determined to protect our citizens and our institutions no matter how far the investigation reaches.”

“The scheme that these perpetrators attempted against college and university employees in our state is unfortunately all too common and underscores the ever-increasing need to remain vigilant in cybersecurity efforts,” said Attorney General Chris Carr. “We will continue working with our local, state and federal partners to investigate and prosecute those who seek to steal from Georgians and educate our citizens on how to avoid falling victim to deceptive practices.”

According to U.S. Attorney Pak, the charges, and other information presented in court: Olaniyi and Ibiwoye were behind several “phishing scams” that targeted colleges and universities in the United States, including the Georgia Institute of Technology (“Georgia Tech”) and the University of Virginia. While both are Nigerian citizens, they committed their crimes while living in Kuala Lumpur, Malaysia, and were extradited to the United States to face these charges.

A “phishing scam” is the act of sending fraudulent emails that appear to come from legitimate enterprises for the purpose of tricking the recipients into providing personal information, including usernames and passwords. Olaniyi and Ibiwoye directed phishing emails to college and university employees. Once they had possession of employee logins and passwords, they were able to steal payroll deposits by changing the bank account into which the payroll was deposited. Also, while logged into the university system through the stolen logins and passwords, these defendants were able to gain access to employee W2 forms, which they used to file fraudulent tax returns. The attempted theft was over $6 million.

The stolen funds were routed into U.S. bank accounts, and the evidence showed that access to these bank accounts was acquired through the use of romance scams, where fraudsters pose on dating sites and apps as potential partners to gain the trust of their victim. At some point, the fraudsters made requests to deposit money into their victims’ accounts and claimed to need all of the account information, including their account numbers, routing numbers, passwords, and answers to security questions. In this case, all of that information was then used to funnel the proceeds of theft through those accounts and out of the country.

Olayinka Olaniyi, 34, of Nigeria was sentenced to five years, 11 months in prison, to be followed by three years of supervised release on October 22, 2018. Olaniyi was also ordered to pay restitution in the amount of $56,175.44.

Damilola Solomon Ibiwoye, 29, of Nigeria was sentenced to three years, three months in prison to be followed by three years of supervised release on January 31, 2018. He was also ordered to pay $56,175.44 in restitution.